Security Ain’t Nothin’ But a Sandwich

June 8th, 2008

To have to refer back to Microsoft for a security anecdote makes me squirm a bit, but it’s worth it. I remember reading this when it first came out, and thinking it was great. In revisiting it (since it’s referenced in a book I’m reading called The Future of the Internet – And How to Stop It) I still think it’s great. What simpler way to describe the basic trust mentality needed for ALL Internet users than this:

“There’s a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn’t—it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you’ll usually be safe.”

The whole article is entitled 10 Immutable Laws of Security and can be found here.